
package de.unihannover.se.restlab.microblog.resources;

import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.PUT;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

import com.sun.jersey.api.NotFoundException;

import de.unihannover.se.restlab.microblog.data.AccountStorage;
import de.unihannover.se.restlab.microblog.data.AuthService;
import de.unihannover.se.restlab.microblog.data.UserStorage;
import de.unihannover.se.restlab.microblog.models.Account;
import de.unihannover.se.restlab.microblog.models.Role;

public class AccountRessource {

	private HttpServletRequest request;

	private Account account;
	private int accountId;

	public AccountRessource (Integer id, HttpServletRequest req) {
		accountId = id;
		account = AccountStorage.getStorage().getAccount(id);
		request = req;
		if (this.account == null || this.request == null) throw new NotFoundException();
	}

	@GET
	@Produces({MediaType.TEXT_PLAIN, MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
	public Response show (@HeaderParam("Authorization") String authHeader) {
		//String authHeader = request.getHeader("Authorization");
		if (authHeader == null) { // Auhtorizaiton-Header angegeben?
			return Response.status(401).header("www-Authenticate", "Basic realm=\"Account-Liste: Auhtorization required\"").build();
		} else if (!(AuthService.isUserAuthenticated(request))) { // User und Passwort korrekt?
			return Response.status(401).header("www-Authenticate", "Basic realm=\"Account-Liste: User or Password incorrect\"")
				.build();
		} else if (!(account.getAccountId() == accountId || account.getRole() == Role.Admin)) { // Nur Admin oder der richtige User
// zulässig
			return Response.status(401).header("www-Authenticate", "Basic realm=\"Account-Liste: keine Zugriffsberechtigung\"")
				.build();
		} else {
			return Response.ok(account).build();
		}
	}

	/* @GET
	 * 
	 * @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON}) public Response getUser() { return
	 * Response.ok(user).build(); } */

	@PUT
	@Produces({MediaType.TEXT_PLAIN, MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
	@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
	public Response change (@FormParam("name") String name, @FormParam("password") String password, @HeaderParam("Authorization") String authHeader) {
		//String authHeader = request.getHeader("Authorization");
		if (authHeader == null) { // Auhtorizaiton-Header angegeben?
			return Response.status(401).header("www-Authenticate", "Basic realm=\"Account-Liste: Auhtorization required\"").build();
		} else if (!(AuthService.isUserAuthenticated(request))) { // User und Passwort korrekt?
			return Response.status(401).header("www-Authenticate", "Basic realm=\"Account-Liste: User or Password incorrect\"")
				.build();
		} else if (!(account.getAccountId() == accountId || account.getRole() == Role.Admin)) { // Nur Admin oder der richtige User
// zulässig
			return Response.status(401).header("www-Authenticate", "Basic realm=\"Account-Liste: keine Zugriffsberechtigung\"")
				.build();
		} else {
			account.setPassword(password);
			account.getUser().setName(name);
			return Response.ok(account).build();
		}
	}

	@DELETE
	@Produces({MediaType.TEXT_PLAIN, MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
	public Response delete (@HeaderParam("Authorization") String authHeader) {
		//String authHeader = request.getHeader("Authorization");
		if (authHeader == null) { // Auhtorizaiton-Header angegeben?
			return Response.status(401).header("www-Authenticate", "Basic realm=\"Account-Liste: Auhtorization required\"").build();
		} else if (!(AuthService.isUserAuthenticated(request))) { // User und Passwort korrekt?
			return Response.status(401).header("www-Authenticate", "Basic realm=\"Account-Liste: User or Password incorrect\"")
				.build();
		} else if (!(account.getAccountId() == accountId || account.getRole() == Role.Admin)) { // Nur Admin oder der richtige User
// zulässig
			return Response.status(401).header("www-Authenticate", "Basic realm=\"Account-Liste: keine Zugriffsberechtigung\"")
				.build();
		} else {
			UserStorage.getStorage().removeUser(account.getUser());
			AccountStorage.getStorage().removeAccount(account);
			return Response.noContent().build();
		}
	}

}
